|
||||
|
Or, if you prefer: “WHMCS versus PHP.” Blogged for the next sysadmin searching Google. $DAYJOB recently acquired WHMCS to help automate virtual server provisioning, billing, and so on. According to everything I’ve read, WHMCS runs just fine on FreeBSD, so I installed the prerequisites on a 9.0-i386 machine. As with any server for PHP-based Web . . . → Read More: Installing WHMCS on FreeBSD 9.0-RELEASE Everybody knows that DNS is insecure, and DNS Security Extensions (DNSSEC) is supposed to fix that. I know that several of my readers consider DNSSEC suboptimal, but it’s the standard, so we get to live with it. I recently got DNSSEC working on BIND 9.9. As I write this 9.9 is in Release Candidate state, . . . → Read More: Basic DNSSEC with BIND 9.9 Peter has already read and reviewed SSH Mastery. While a few of my readers have been kind enough to post reviews on Amazon and Smashwords (which I very deeply appreciate), Peter’s is the first long review. And here I should confess something: The very existence of SSH Mastery is Peter’s fault. Peter will be doing . . . → Read More: SSH Mastery Review from Peter Hansteen To my surprise, SSH Mastery is available at Smashwords. I don’t know if this version will make it through to Kobo and iBooks, but you can buy it now. If I have to update it to get the book through the Smashwords Meatgrinder and into third-party stores, you’d get access to those later versions . . . → Read More: SSH Mastery available at Smashwords I just finished uploading the ebook versions of SSH Mastery to Amazon and Barnes & Noble. The manuscript is en route to the print layout person. Amazon should have the book available in 24 hours or so, Barnes & Noble in 24-72 hours. Once they’re available, I’ll be able to inspect the ebooks to check . . . → Read More: SSH Mastery ebook uploaded to Amazon and B&N With BIND 9.8, enabling DNSSec resolution and verification is now so simple and low-impact there’s absolutely no reason to not do it. Ignore the complicated tutorials filling the Internet. DNSSec is very easy on recursive servers. DNS is the weak link in Internet security. Someone who can forge DNS entries in your server can use . . . → Read More: enable DNSSec resolution on BIND 9.8.1 One of the nicest things about writing a book is that your tech reviewers tell you completely new but cool stuff about your topic. While I was writing the OpenSSH book, one of the more advanced reviewers mentioned that you could use your SSH agent as an authentication source for sudo via pam_ssh_agent_auth. I have . . . → Read More: sudo auth via ssh-agent My more complex Web sites run atop WordPress on Apache and MySQL. Every so often, Apache devours all available memory and the server becomes very very slow. I must log in, kill Apache, and restart it. The more moving parts something has, the harder it is to debug. Apache, with all its modules, has a . . . → Read More: Moving Static Sites from Apache to nginx I secure my BSD servers with PF. In FreeBSD 9, PF has been updated to the same version as in OpenBSD 4.5. I use lists in my PF configuration, as shown in this /etc/pf.conf snippet: mgmt_hosts=”{ 10.0.1.0/24, 172.19.8.0/24}” … pass in on $ext_if from $mgmt_hosts … When I have new management hosts, I add their . . . → Read More: FreeBSD 9 PF macro & table changes I recommend using sudo for privileged access to systems. I also recommend requiring keys for SSH authentication, with agent forwarding to trusted systems. The default settings in these two programs collide head-on when you become superuser via sudo and want to copy files from one server to another with scp or sftp. If you’re using . . . → Read More: sudo environment purging and OpenSSH |
||||
|
Subscribe to Posts Subscribe to Comments |
||||
